Friday, March 8, 2019

Network Refresh

So we are just beginning the process of reviewing and looking at solutions for a host of network refreshes for about 30 locations. I'm fairly green to the networking world and am trying to get myself acclimated as quickly as possible.

SD-WAN vs traditional firewall/IPSec tunnel configuration:

I understand SD-WAN is an evolution of the traditional IPsec tunnel setup many businesses use today. We do not have any MPLS circuits in play and likely won't be going back that route for cost reasons. Most of our locations are 50M DIA connections.

What I'm trying to get some more insight into is exactly where SD-WAN fits in the network infrastructure of the building. Can I drop in an appliance on the edge (connecting to the ISP modem) and set up my tunnel to any other device on our WAN? Are there solutions that play nice with switches in the infrastructure to give a single pane of glass for management?

With a traditional setup we are looking at something like Cisco ISR4431 units with an IPSec tunnel back to our datacenter. We would replace switches with something like a Catalyst 2960. We generally have 6-8 switches per location and would have two routers for redundancy and failover. Does it make sense to get a firewall license or appliance in this setup?

Goals:

One of the goals is to refresh with relevant hardware. Most of our equipment is years out of date but still trucking along. Think Catalyst 2901 for IPSec tunnel and traffic routing. Our individual locations do not have a firewall, but have a router sending traffic over an IPSec tunnel to our datacenter.

We would also like to enhance security around the facility. Some of that pertains to physical network security (guest internet for physical devices not approved or ports being disabled) and some of it is for traffic segmentation and QoS. I would like to be able to go into one interface or use a single tool to push out updates to multiple routers or switches at the same time. Today I have to log in to each switch when a change is made. This is extremely tedious and time consuming. We don't have a massive network, but as we grow these tasks take longer and longer.

So I am asking what some of the differences are, what standard practice is for remote locations, and what some people's experiences have been. I've been doing some reading and there is so much data out there that my eyes are starting to roll back. For reference, most remote locations are 150-200 devices.
